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Method and apparatus for processing and forwarding data 
packets 



BACKGROUND OF THE INVENTION 

1 . Field of the Invention 

The present invention relates to a method for processing 
and forwarding data packets using at least one route table. 

2 . Description of the Prior Art 

The current standard architecture for a data packet 
router in a computer network comprises a packet 
classification module, a routing module and a packet 
scheduler module. As a first step, an incoming data packet is 
assigned a class by the classification module and possibly 
also predefined processing is applied to it, such as checking 
the source address, changing or adding some header fields, 
decrementing the time-to-live (TTL) field, dropping it if the 
TTL value reaches 0 etc. As a second step, the routing module 
uses the resulting class and packet header to evaluate the 
packet's further route. For this purpose it contains a 
forwarding information base which usually has the form of a 
route table and merely serves as "signpost"' for the data 
packets to be transmitted. Next, additional processing may 
apply to the packet, before the packet is put, as a third 
main step, in at least one packet queue that is controlled by 
the packet scheduler. Streamlined variants of the above 
process exist, where a packet is directly copied from the 
incoming network interface card that may have its own 
forwarding information base to an outgoing interface card. 

Ks/Wr/ 20023 /case 1 
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This standard procedure, the so-called "fast data path" 
of a router, is illustrated in Fig. 1. Whereas the route 
table, i.e. the "signpost" for data packets, can be 
5 dynamically updated, the procedure itself is a static 

pipeline operating on incoming data packets. The set of 
instructions applied to a packet is rather limited and 
predetermined by the packet's type (class). Reconfiguration 
of a data router, e.g. said updating of the route table, is 
10 achieved by special purpose "signaling" protocols. Data 

packets that belong to such a protocol are removed from the 
fast data path and are passed to external processing modules 
capable of handling the signaling protocol. 

15 Active networks add programmabili ty to a router while 

still adhering to the same architecture (see Fig. 2) : The 
router hosts one or more execution entities EE! to EE n which 
are responsible for interpreting program instructions 
contained in "active packets", namely data packets that 

20 themselves contain the program to be applied to them, or 
other signaling information. 

At a high level of abstraction, the control flow for a 
single packet inside a traditional and possibly active router 

25 in this standard approach can be depicted as shown in Figure 
3. A program store drives the Central Processing Unit (CPU) 
and the CPU reads from the route table for making routing 
decisions. Accessing the route table is necessary for almost 
every data packet that enters the system. Actual routers may 

30 have multiple CPUs, program and data stores. 

If a whole classical routing system is regarded from the 
data flow architecture point of view, it represents an 
example of the data flow model: Data items are processed by 
35 stationary instructions. This is in contrast to the "von 
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Neumann" computing model which is the dominant model for 
traditional computing. The "von Neumann" model is 
characterized by one or more control flows in motion that 
operate on data residing in explicitly addressed memory 
5 places. 

SUMMARY OF THE INVENTION 

It is the object of the present invention to provide a 
10 method that enables to process data packets in a computer 

network in the fast data path while simultaneously allowing 
to dynamically reprogram the router and to provide at the 
same time a new method for the execution of programs that 
makes parallel processing possible either in a data flow or 
15 in a "von Neumann" architecture. 

According to the invention, this object is achieved by 
means of a method for processing and forwarding data packets 
comprising the steps of: 
20 - providing at least one route table comprising entries 

containing an input index field and at least one operation 
code or a program for the execution of an operation, 

- assigning a selector serving as indexing datum to each 
data packet, the data packet and its selector being parts 

25 of a token, 

- matching of the selector of a packet matched with the 
input index field of the entries of said at least one 
route table, 

- execution on the matched token of the at least one 

30 operation contained in the at least one matched route 

table entry. 

According to an other aspect of the invention, an 
apparatus is provided for the processing of data packets in 
35 the fast data path while it can be dynamically reprogrammed 
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at the same time, namely an apparatus comprising the 
following items: 

- at least one route table comprising entries containing an 
input index field and at least one of operation code and 

5 of a program for the execution of an operation, 

- means for assigning a selector serving as indexing datum 
to each data packet, the data packet and its selector 
being parts of a token, 

- means for matching the selector of a packet with the input 
10 index field of the entries of said at least one route 

table, 

- means for executing on the matched token the at least one 
operation contained in the at least one matched route 
table entry. 

15 

According to the invention, at least one routing table is 
provided that comprises entries containing operation code or 
a program for the execution of an operation. In this way, the 
programmable packet processing method of the present 

20 invention replaces the routing module of classical packet 
routers and merges it with the execution entity modules as 
previously introduced. Figure 4 shows, on the same level of 
abstraction as Figure 3, this merging and the resulting 
control path for data packets. The method and apparatus 

25 according to the invention make it possible that standard 
operating and routing of data packets and dynamic 
reprogramming of the router take place in the same fast data 
path. Thus, reprogramming as well as routing is faster and 
handled more uniformly than by the methods and devices known 

30 so far. 



Further, an incoming data packet preferably contains 
itself the information on what operation is executed on it by 
having assigned a selector, i.e. an indexing datum to be 
35 matched with a route table input index field, that matches a 



5 



route table input index field that belongs to a certain 
operation to be executed on the packet. Therefore, any packet 
most naturally plays an active role instead of the passive 
role of the data packets in standard routing methods upon 
5 which pre-defined operations are executed. A selector may 

even refer to an operation that transfers an other operation 
stored within the packet to the routing table and thus 
activates it. In this way, the concept of "active packets" is 
naturally embedded by the invention in the classical routing 
10 concept. 

A further advantage of the method according to the 
present invention is that it allows the routing module to 
particularly quickly access information about the processing 
15 to be applied to a packet and its path since all the required 
information is contained in one selector field which may be a 
predefined bit field in the header of the packet. 
Conventional routing includes a relatively time consuming 
search for relevant information within a packet header. 

20 

A still further advantage of the present invention is 
that it is completely compatible to prior art routing and 
that the forwarding behavior of a classical routing module 
can be provided. 

25 

The method according to the invention, in addition to 
being a method for routing of packets containing simple data, 
also enables the execution of arbitrary programs. From the 
data flow architecture point of view, the execution model 

30 according to the present invention is an alternate computing 
model to the "von Neumann" model and is a hybrid with 
elements of a data flow- as well as of a "von Neumann" -model 
approach. A structural similarity to a data flow machine is 
given by the fact that instructions are stored inside the 

35 route table while data items (i.e. selector+packet tokens) 
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flow through these operations. However, the method according 
to the invention can also host a "von Neumann'" style of 
program by having one selector+packet token represent one 
flow of control. Each control flow then picks one instruction 
5 after the other, it therefore operates on the token's data as 
well as on the route table itself. 

The method according to the invention easily and 
naturally enables parallel computing. It just has to be 

10 allowed for the possibility that different tokens are matched 
to different route table entries at the same time and the 
corresponding operations are executed simultaneously. 
Parallel computing is even better be taken advantage of if 
the matching of tokens with route table entries is carried 

15 out in a non-deterministic instead of in a deterministic way. 

Finally, the method according to the present invention 
allows to implement distributed processing on different 
processing entities in a rather straightforward manner. 

20 

DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT 

In the following, a detailed description of an embodiment 
25 of the present invention, namely a routing module, is given 
with reference to Figure 5, which schematically depicts a 
bloc diagram of this embodiment of the method according to 
the invention. 

30 The routing module to be described in the following is 

based on four elements: 
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(a) 



A plurality of tokens of 
is a selector (or "tag") 
pkt is a data packet, 



the form <sel ,pkt> , where sel 
serving as indexing datum and 



(b) 
(c) 



a multi-set ("token bag") 
a route table consisting 
following fields: 



for storing tokens, 
of entries, each containing 



the 



I sel in I c I sel out j / I 

where sel± n is an in-selector value serving as input 
index field, c an operation code, sel out an out-selector 
value serving as output index field and i an additional 
state, i may contain information, such as an additional 
selector value, queuing information or other additional 
processing information, to be used depending on the 
status of the packet to be processed, 
(d) a control unit (CU) . 

This new routing module operates as follows: 

1. A <sel,pkt> token arrives from the packet classification 
module and is put into the multi-set. 

2 . The control unit picks and removes a token from the 
multi-set . 

3. The token's selector value sel is used to locate all 
entries in the route table that have a matching selin 
field. Tokens for which no matching in-selector values 
can be found are discarded. Alternatively, they are 
processed by a default processing routine. 

4. For each matching entry, the corresponding operation c is 
performed : 

If the operation is a FORW (forward) operation, the 
token' s packet data is put into a queue of the 
subsequent packet scheduler module. Information about 
which queue to use is either stored in the entry's 



state field i, is computed from the packet' s data, or 
is otherwise provided. 

If the operation is a HALT operation, the token is 
destroyed and no output token is generated. 
For any other operation, one or more new tokens are 
generated that contain the possibly modified packet 
data of the input token. The new tokens' sel values are 
either copied from the sel ou t field of the route table 
entry, or otherwise computed. 

5. New tokens, if any were generated, are put in the multi- 
set . 

6. Processing continues with step 1 or 2. 

The prior art's routing module's role is to map data 
packets, based on classifications and/or packet header 
fields, to the packet queues of the packet scheduler module. 
This forwarding behavior of the prior art's routing module 
can also be provided by the above specified new routing 
module. To do that, the following steps have to be carried 
out : 

Unicast forwarding: 

(a) The packet classifier (c.f. figures 1 and 2) is 
configured such that it provides a selector for each 
data packet type. Unclassif iable packets are assigned a 
default selector. The packets are subsequently put in 
the multi-set ("token bag") depicted in Fig. 5. 

(b) The routing table is configured such that each potential 
selector value has exactly one entry. 

(c) A special operation code c is defined and an associated 
procedure is implemented in the route table and an entry 
is defined whose sel in value corresponds to the default 
selector. The procedure thus treats the packets that 



were classified in the default category and which 
therefore need special matching rules (e.g. longest 
prefix for IP addresses: Such an operation most likely 
makes use of the entry's additional state i) . The said 
operation either outputs a new token whose selector 
value indexes another entry in the route table that 
contains the FORW operation and puts this token in the 
token bag, or it directly performs the FORW. 

Multicast forwarding: 

The same approach as above is used, except that multiple 
entries exist in the route table which have the same sel± n 
value. Two cases are possible: 

(1) The classifier assigns such an ambiguous selector value. 
Steps 3 and 4 will automatically take care of multiplying 
the incoming data packet, 

(2) The classifier assigns an unambiguous selector. However, 
one or more of the subsequent operations c create a new 
token with a selector value for which multiple entries 
exist . 

Applied in the above way for routing, the routing module 
works as a data flow computing device. A structural 
similarity to a data flow machine is given by the fact that 
instructions are stored inside the route table while tokens 
>N flow" through these operations. Also, selectors resemble the 
tags of data flow machines that identify the state and 
position of a token. However, we note that the matching and 
execution rules are different from classical data flow 
architectures (data-driven vs. demand-driven) as tokens can 
be discarded if there is no matching entry in the route 
table. Also, selectors are explicitly handled by the programs 
themselves instead of being an internal aspect of data flow 
execution . 



In addition to being a further development of a classical 
routing module, the new routing module also enables the 
execution of arbitrary programs by the virtue of the repeated 
execution of instructions according to the steps 3 and 4. 
This can be done as follows: 

Each thread of execution is mapped to one <sel ,pkt> token. 
The program instructions are stored as operations in the 
route table. 

A token's selector value points to the next instruction to 
process. It plays the role of the "program counter" of 
other computing devices. Instructions which generate an 
output token are therefore required to choose the new 
selector value such that it points to the next instruction 
to be processed. This may be done by choosing the selector 
contained in the sel out field of route table entries or by 
computing the new sel value. 
- Execution of a program flow ends when a selector value is 
matched with a route table entry containing an operation 
that does not generate an output token or when the 
resulting token has no matching entry. 

For executing programs for general purposes, the set of 
instructions has to contain minimal support for branching as 
well as memory access, allowing to conditionally divert 
program flows and to implement procedure calls: 

An instruction that is able to output tokens with 
different output selector values suffices to implement 
branching. The resulting selector value may depend on the 
token's packet data and/or any other state in the router, 
including the route table, the packet classifier and 
packet scheduler, and/or may even be assigned randomly. 
Instructions to add, read, change and remove complete 
entries in the route table provide memory access. It is 



interesting to notice that such instructions to add, read 
and remove entries from the route table turn the present 
invention's routing module into a Turing complete 
computing device. 

Together with instructions to store and retrieve selector 
values, e.g. inside a token's data packet, inside the 
route table, or in other places, the branching 
instructions enable procedure calls. 



If the method according to the invention is used in the 
way described above, it essentially is a "von Neumann" 
computing device. As each control flow picks one instruction 
after the other, it operates on the token's data as well as 
on the route table itself. This operation mode will be 
discussed further below more concretely by way of examples 3 
and 4 . 



Using the above described tools, the method according to 
the invention also most naturally leads to parallel 
computing. One has only to allow for the possibility that 
different tokens are matched with different route table 
entries simultaneously and to start with more than one token 
representing a program flow. For the case of the parallel 
execution of program flows, basic synchronization primitives 
must be provided: 



By switching off the eligibility of tokens to be picked by 
the CU, i.e. by temporarily removing tokens from the 
multi-set ("token bag"), execution flows can be suspended. 
Special instructions are provided to make suspended tokens 
re-eligible for execution, either explicitly (barriers, 
queues) and/or by environmental changes (e.g. a timeout or 
a condition to be fulfilled) . 



For some applications based on parallel computing it may 
be attractive not to predetermine the selection of route 
table entries that match a given token. In this case, the 
selection of these route table entries will be carried out by 
the machine instead of the programmer and will therefore be 
non-deterministic instead of deterministic. As a consequence, 
the processor or the processors can optimize its/their work- 
load and thus enable even faster processing. 

By means of the above specified tools, the programmable 
routing module outlined above enables a superset of classic 
router functionality as well as arbitrary programming to be 
implemented. It, however, is by no means the only embodiment 
of the invention and can be extended or modified in many 
respects . 

Instead of one route table as described above, multistage 
route tables or a plurality of route tables can be provided. 
In such a case it is for instance possible to map every 
execution entity (EE±) of a prior art routing module onto one 
route table and in this way to be able to make use of the 
wealth of tools developed for the prior art routers. A 
selector of a token will then not only select the route table 
entry but also the route table of which the entry is part. In 
this way, a packet can jump between the different route 
tables, depending on its selector, the sel out values contained 
in the route table and/or other information. Therefore, 
operations contained in different route tables, and for 
instance one operation out of every route table, can be 
executed on a single packet in its path. Alternatively, if, 
for instance, k route tables are present, the selector of a 
token could also be divided into k parts, each of which 
refers to an other route table. 
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One route table entry can also contain more than one 
operation. In such a case, preferably all route table entries 
will have the same number of operations. Further, also 
additional fields or attributes such as fields for the 
priority, counters, access control lists, certificates,... 
may be provided for. 

Operation code or a program contained in a route table 
entry can also exhibit a reference to an externally installed 
subroutine or any other software and/or hardware based device 
serving as an extension of said operation code or program. 
Further, there may be route table entries that, depending on 
the selector values and possibly also on the packet data of 
incoming tokens, can implement changes to these extensions as 
well as to other modules such as a packet classifier, a 
control unit or a scheduler of a router. 

A route table is a table in the conceptual sense and does 
not have to be a table in the literal sense. Therefore, it 
can have a data structure that is different from a table 
structure and, for instance, have the structure of an array 
of records or a linked list of memory zones. It can also be 
in a compressed form and comprise auxiliary data structures, 
for instance hash tables, or other lookup mechanisms to 
access the route table entries. 

The tokens do not need to have a <sel ,pkt> form. The 
selector information can also be contained explicitly or 
implicitly in the data packet and therefore has to be 
extracted or calculated from its contents. For many system 
architectures it will also be advisable to give the tokens 
additional attributes, such as suspended flag, processing 
queue, priority, credentials, access rights, certificates 
etc. In such additional attributes it can for instance be 
laid down that a packet is not allowed to make changes to the 
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route table, that it is to be processed only after a certain 
condition is fulfilled, etc. 

A variety of possible further embodiments of the 
5 invention concerns the data flow architecture. As explained 
above, the present invention relates to an execution model 
(Fig. 5) which is a hybrid with elements drawn from both, the 
"von Neumann" and from the data flow side. 

10 This hybrid approach is well in-line with the less strict 

view on data flow architectures that has emerged in recent 
years (multithreaded computers). However, in the present 
method for data packet processing and forwarding, tokens can 
flow in the network. Thus, data flow items are not confined 

15 anymore to one central processing unit but are transportable 
over the network. The selector concept, together with the 
"programmable route table" and the execution loop model of 
Figure 5, are the key enabler for this approach. The method 
according to the invention is therefore also highly suited to 

20 be implemented using multiple processing elements. 

An apparatus according to the invention, namely a router, 
comprises the following elements: 

- A device for receiving, processing and forwarding data, 
25 for instance a computer equipped with appropriate 

interfaces . 

- An implementation of the method for data packet processing 
and forwarding according to the invention on said device, 
for instance a program stored on the computer or a 

30 microprocessor the architecture of which is such that it 

supports the data flow and control flow architecture of 
the method according to any of claims 1 to 12 and 
particularly that it supports the data and control flow as 
schematically depicted in Fig. 5. 
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While previously the method and apparatus according to 
the invention were discussed in a rather abstract way, in the 
following a few examples for router table stored programs are 
given in order to make the invention concrete. The examples 
5 refer to the routing module comprising one route table having 
entries with four fields described above as embodiment of the 
invention . 

Example 1 : Forwarding Branch 

10 

Using a PASCAL like notation, we aim at implementing the 
following packet handling program with the new routing 
module : 

15 PROC example_one (s : selector) ; 

CONST t: selector; 
BEGIN 

IF exists a route table entry with in-selector s THEN 
drop front packet header; 
20 forward via selector s 

ELSE 

forward via selector t 

FI 

END. 

25 

where the incoming packet has the following layout 

(head) [sel slpayload] (tail) 

30 and is classified for selector p on entry (thus, initially 
the token has the form <p, [ s | payload] >) . 
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This packet format adheres to the convention that 
parameters for instructions and procedures are stored at the 
packet's head. Similarly, this convention will be extended 
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for the subsequent examples and the packet's tail will be 
used for a stack of return addresses (selectors) . 

The following instructions are needed to implement the 
5 first example program: 

- NOP token (s: selector) 

token ( ) is a pseudo operation that changes a token's 
selector value to the new value s before the token is put 
10 back into the token bag. 

The token () pseudo operation can be realized by the stand- 
alone instruction NOP (no-operation) whose sel ou t field has 
the value s: 



\seiin | NOP |s |- I 

15 

- JCEX jump_on_existence (a, b, c: selector) 

A conditional jump is made i.e., the output token receives 
a new selector value depending on the content of the route 
table : 

20 

IF exists a route table entry with in-selector a THEN 
token (b) 

ELSE 

token (c) 

25 FI 

By convention it is assumed that parameter a is stored as 
the first header field inside the token's packet data as 
described above, while b and c are stored in the route 
30 table entry of the JCEX instruction instance. 

- JH jump_to_header ( ) 

The token's new selector value is taken from the token's 
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packet header, and the packet length is trimmed 
accordingly: 

VAR s: selector; 

s ;= pop front of packet header 
token (s) ; 



Using these three instructions, the forwarding branch 
procedure example-one { ) is implemented by the following route 
table content: 



sel m 


OP 


selout 


addtl. state 




p 


JCEX 


U 


t 2 


jmp to U if hdr field (s) is 
known, else jmp to t 2 


u 


JH 






pop hdr field and jump 
there (s) 


t 2 


FORW 




queue id 


forward 


s 


FORW 




queue id 


forward 



Packets arrive classified for selector p. Thus, program 
execution starts with the first line of the table above. Note 
that the last line of the table above may or may not be 
present: The program will take care of correctly forwarding 
packets in both cases . 

Example 2 : Recursive Procedure Call 

In this example, a procedure will recursively be called 
that pops a header field until it encounters a header field 
with a specific value m. The program should thus work like 
the following 

PROC example_two () ; 
CONST m: selector; 
VAR s: selector ; 
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BEGIN 

s := pop packet header; 
IF NOT (s = m) THEN 
example_two () 

5 FI 
END. 

where the incoming packet has the following layout: 

10 [si | s 2 I . . . | m | payload] . 

In order for the "return addresses" r± of procedure calls 
to be stored, they we will be appended to the data packet's 
tail : 

15 

[ - - - I payload | n I . . . I r n ] 

The following additional instructions are needed for this 
example program: 

20 

- JC j ump_conditional (a, b: selector) 

Conditionally jumps to selector a, i.e. the output token 
has a as its selector value, if the packet's first header 
field is not the null selector. Otherwise, execution 
25 continues at selector b (the output token obtains the 

selector value b) . 

- JT jump_to_tail ( ) 

Pops the outermost tail field of the data packet which 
30 becomes the output token's new selector value. The data 

packet's length is reduced accordingly. 

- POPH pop_header() 

Removes (drops) the first header field of the data packet 

35 
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- PUSHT push_tail ( selector s) 

Extends the data packet by the selector value s. 

- XOR xor(s: selector) 

5 Performs a bit-wise XOR operation on the packet's first 

header field with s. 

The following route table implements the recursive 
procedure example-two {) . As in the previous example, the 
10 token arrives selected for a selector value p, i.e. it 
initially has a sel value of p: 



sel in 


OP 


sel 0 ut 


addtl. state 




p 


PUSHT 


to 


t 6 


save return addr t 6 , jmp to proc 
at t 0 


to 


XOR 


U 


m 


start of proc: compare with m 




JC 


t 2 


U 


jump to U if equal (i.e. first 
header field=0) 




POPH 


t 3 




drop first header field 




PUSHT 


to 


t 5 


save return address / 5 , jmp to 
proc at t 0 




POPH 


ts 




drop first header field 


ts 


JT 






return from proc call 


te 


FORW 




queue id 


forward trimmed packet, end of 
example program 



15 Example 3: Stream Programming (Program Downloading) 

This example shows a method to store a program inside a 
remote route table by sending appropriate data packets. This 
is useful for having "path finder packets" to configure a 
20 remote node by downloading a program that will treat a data 
stream's subsequent packets. 
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An external representation of route table entries is 
required that is self -delimiting . The following instruction 
depends on such a format: 

5 - ADDOP add_operation { r : route_table_entry ) 

The route_table_entry {S in , op , S out and additional state) is 
popped from the packet's header and placed in the route 
table. The length of the data packet is accordingly 
decreased . 

10 

- HALT halt ( ) 

Discards the current token (i.e., ends the current program 
flow) . 

15 The following route table program scans a data packet for 

route table entries and installs them. For this, the data 
packet must consist of a sequence of route table entries re if 
followed by a zero selector field: 

20 [rex|...| re n | 0-sel I payload] 

Furthermore, the following program, the "packet handler 
program", is permanently stored inside the route table. The 
selector DP is a well-known selector to be used for invoking 
25 the downloading program: 



sel in 


OP 


sel out 


addtl. state 




DP 


JC 


to 


U 


start of download proc: 0-sel? 


to 


ADDOP 


DP 




install new table entry, loop 


u 


HALT 






end of proc 



This download program can be extended by user provided 
enhancements, allowing to "bootstrap" fancier download 
30 procedures. If for example a "confirmed download" service is 
required, one can use the program above to blindly download 
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the modified download program which, instead of executing the 
halt() instruction, returns a confirmation packet. 

Example 4 : Active Packets 

5 

Instead of having a pre-stored program being applied to 
data packets, this example shows how to implement in-band 
programming where the program to be applied to a packet is 
carried inside the packet itself. Various names are used 
10 synonymously for such packets: capsules, messengers or active 
packets . 

One approach consists in extending the stream programming 
example above in two ways. The first modification relates to 
15 the packet format, where we presume that a second (start-) 
selector value follows the 0-sel of the previous example: 

[ re x | . . . | re n | 0-sel | start- sel | pay load] 

20 The second modification concerns the packet handler 

program: 



seij n 


OP 


sel out 


addtl. state 




AP 


JC 


to 


ti 


active packet proc: 0-sel? 


to 


ADDOP 


AP 




install new table entry, loop 


tl 


POPH 


t 2 




drop null selector 


t 2 


JH 






jump to start selector 



The disadvantage of this approach is that the in-band 
25 program is stripped from the packet, preventing self-routing 
packets to keep their code base as they travel in an active 
network. The second approach below fixes this problem by 
introducing the following concurrency related instructions: 



QIN queue_in(s: selector) 

The current token is "put into a token queue", the queue i 
identified by the selector s at the packet's first header 
position, this header field is removed and the packet 
length is adjusted accordingly. 

Only the token which is at the head of the token queue is 
eligible for execution, other tokens in the queue have to 
wait until they advance to the head position. Tokens can b 
in at most one token queue at any time. Switching to 
another queue implicitly removes the token from its former 
queue it was in. Terminating a token (e.g. using the HALT 
operation) also frees the head position of the token's 
current queue. 

FORK fork (a, b: selector) 

This operation outputs two tokens. Both have the same 
packet data but different selector values (a or b) . There 
is no parent/child relation between the forked tokens, 
although the token with the selector a inherits all input 
token attributes, e.g. position in a token queue, while th 
attributes of the other token are reset to some default 
value . 

DUPH dup_head(s: selector) 

Duplicates the selector s at the packet's head. This 
results in a larger data packet that starts with two 
identical header fields. 

DUPT dup_tail {) 

Duplicates the selector at the packet's tail. This results 
in a larger data packet that ends with two identical tail 
fields . 

Active packets need to have the internal format 
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[ id-sel I rei | . . . | re n | O-sel | payload | start-sel] 

for being processed by the following extended active packet 
loader program: 

5 



sel in 


OP 


sel out 


addtl. state 




EAP 


DUPH 


to 




extd active pkt loader: dup id sel 




QIN 


ti 




put thread in the 'id' queue 




FORK 


t 2 


Uo 


Fork 




JC 


t 3 


U 


install the pkts program: O-sel? 




ADDOP 


U 




add new route table entry, loop 




HALT 






end (and quit the current queue) 


Uo 


DUPH 


Ui 




the forked token, dup id selector 


Ui 


QIN 


u 2 




put thread in the 'id' queue, block 


u 2 


DUPT 


u 3 




dup start selector at the tail 


u 3 


JT 






jump to start selector 



Note that the forked token synchronizes with the main 
token when the later has finished installing the program. 
Synchronization is achieved via the queue that is identified 

10 by the id selector. Preferably, each active packet is 

assigned its own id value in order to avoid synchronization 
conflicts. Despite the f ork ( ) operation, the main token 
remains at the head of this queue and continues to do so 
during the install loop. The forked token inserts itself into 

15 the same queue, but will occupy the second position, thus 
block. When the main token halts and thus quits the token 
queue, the forked token advances to the head position and 
starts executing the freshly installed program. At this 
point, the token's packet data is identical to the data that 

20 the original token had when it entered the new routing 
module . 

Example 5 : Beyond a Single Router - Distributed Programming 
and a Router Model with Trivial Classification Module 



In this example it will be shown that the concept of 
instructions at the route table level that explicitly point 
to the next instruction can be seamlessly extended beyond the 
scope of a single router or route table to a net of 
processing entities. It suffices that a packet is transmitted 
together with its token selector value e.g. by choosing the 
following wire format that contains an initial selector 
field: 

[init-sel | pkt ] 

The init selector and the remaining packet payload are 
the two elements required to form a token: Classification of 
an incoming data packet is reduced to reading in the init-sel 
field. Of course, the network architecture that is induced by 
such a router model requires that packet classification is 
performed upstream, or ultimately at the edge of such a 
network . 

With the wire format presented above, selectors can be 
turned into pointers to remote instructions: They allow to 
arbitrarily redirect the execution flow to one or more 
neighbor routers or route tables and to implement distributed 
algorithms. For redirection, one has to replace a route table 
entry by one or more FORW operations that send a packet to a 
remote node where processing will continue. The S out field of 
the table entry containing the FORW operation can then be 
used for specifying the selector for the remote target 
instruction . 
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WHAT IS CLAIMED IS: 

1. A method for processing and forwarding data packets 
comprising the steps of: 

5 - providing at least one route table comprising entries 

containing an input index field and at least one operation 
code or a program for the execution of an operation, 

- assigning a selector serving as indexing datum to each 
data packet, the data packet and its selector being parts 

10 of a token, 

- matching of the selector of a packet matched with the 
input index field of the entries of said at least one 
route table, 

- execution on the matched token of the at least one 

15 operation contained in the at least one matched route 

table entry. 

2. A method as claimed in claim 1, wherein the route 
table entries further contain an output index field, wherein 

20 at least one multi-set of tokens is maintained, that every 
matched token is removed from said at least one multi-set, 
that the packet of such a matched token, depending on the 
semantics of the operation referenced by the matched route 
table entry, is forwarded or destroyed or at least one new 

25 token is generated and again added to one of said at least 
one multi-sets, the selector of said at least one new token 
being copied from the output index field of the matched route 
table entry or being otherwise computed. 
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3. Method as claimed in claim 2, wherein tokens can be 
temporarily removed from said at least one multi-set and 
reinserted later on. 
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4. Method as claimed in claim 2, wherein a control unit 
is provided which selects the tokens from the multi-set to be 
matched with entries of the route table. 



5 5. Method as claimed in claim 1, wherein the route table 

comprises at least one entry containing one of operation code 
and a program that can take care of at least one of entering 
parts of the contents of a data packet containing operation 
code into a route table entry and of removing or changing 
10 existing route table entries. 



6. Method as claimed in claim 1, wherein at least one of 
operation code and of a program contained in at least one 
route table entry comprises an extension. 

15 

7. Method as claimed in claim 6, wherein the route table 
comprises at least one entry containing at least one of 
operation code and of a program that can take care of 
altering an extension or other modules based on information 

20 contained in a data packet. 



8. Method as claimed in claim 5 or 7 , wherein at least 
one token containing operation code is assigned a program 
flow and that at least one of the operation code and its 
25 selector and of other data stored in this token is formed 

such that this program flow is executed based on information 
contained in the token and in the route table. 



9. Method as claimed in claim 1, wherein tokens for which 
30 no match with entries of the route table is possible, are 
deleted . 
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10. Method as claimed in claim 1, wherein at least one 
default processing routine is provided and wherein tokens for 
which no match with an input index field of an entry of the 



at least one route table is possible 
said at least one default processing 



are processed by one of 
routines . 



11. Method as claimed in claim 1, wherein the at least 
one route table has a data structure that is different from a 
table structure and is for instance the structure of an array 
of records or a linked list of memory zones. 



12. Method as claimed in claim 1 or 11 wherein auxiliary 
data structures, for instance hash tables or other lookup 
mechanisms, are provided to access the entries of said at 
least one route table. 



13. Method as claimed in claim 1, wherein at least one 
route table entry contains more than one operation. 



14. Method as claimed in claim 1, wherein the selection 
of route table entries that match a given token is non- 
deterministic . 



15. Method as claimed in claim 1, wherein a token's 
indexing datum is one of being embedded in and of being 
deductible from the token's data packet. 

16. Apparatus for processing and forwarding data packets 
wherein the following items are provided: 

- at least one route table comprising entries containing an 
input index field and at least one of operation code and 
of a program for the execution of an operation, 

- means for assigning a selector serving as indexing datum 
to each data packet, the data packet and its selector 
being parts of a token, 

- means for matching the selector of a packet with the input 
index field of the entries of said at least one route 
table, 
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- means for executing on the matched token the at least one 
operation contained in the at least one matched route 
table entry. 

17. Apparatus as claimed in claim 16, comprising at least 
one microprocessor the architecture of which implements at 
least one of said items. 



ABSTRACT 

The method and the apparatus for processing and 
forwarding data packets (pkt) in a computer network comprise 
5 at least one route table that contains entries each having an 
input index field (s-in) , an operation code or a program (op) 
for the execution of an operation and an output selector 
field (s-out). The data packets (pkt) to be processed are 
each assigned a selector (sel) serving as indexing datum, the 

10 data packet (pkt) and the selector (sel) together 

constituting a token. The selector (sel) of a packet is 
matched with the input index field (s-in) of the entries of 
said at least one route table and the operation (op) 
contained in the matched route table entry or route table 

15 entries is/are executed on the matched token. This processing 
step can be repeated if the operation (op) results in one or 
more output token/tokens. Since according to the invention, 
programs to be executed on data packets (pkt) are stored in 
the route table, data packets (pkt) are directly processed in 

20 the fast data path, while at the same time the router can be 
dynamically reprogrammed . 



(Fig. 5) 



signaling 



_f — ► { routing 



scheduling 



Fig. 1 




Fig. 2 



program 
store 







t config 


\ execute 




network 




*A CPU J. 




network 


interface 


control flow 




control flow """ 


interface 



read j I config 



route 
table 



1 



network 




interface 


control flow 






network 


control flow 


interface 



Fig. 4 



"token 
bag" 








<sel, pkt> 



s-in | op | s-out | i 



control 
--J unit U-- 



new 'routing' module 



Fig. 5 



Docket No.: DT- 33 



Declaration and Power of Attorney for Patent Application 
Erklarung Fiir Patentanmeldungen Mit Vollmacht 
German Language Declaration 



n Eides As a below-named inventor, I hereby declare that: 
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beantragt wird fur die Erfindung mit dem Titel: 

METHOD AND APPARATUS FOR 



My residence, post office address and citizenship are as stated 
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I believe I am the original, first and sole inventor (if only one 
name is listed below) or an original, first and joint inventor (if 
plural names are listed below) of the subject matter which is 
claimed and for which a patent is sought on the invention 
entitled: 



PROCESSING AND FORWARDING DATA PACKETS 
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Anmeldungsseriennummer _ 
eingereicht wurde und am _ 
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